Bug#926888: unblock: wget/1.20.1-1.1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#926888: unblock: wget/1.20.1-1.1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 11 Apr 2019 22:07:21 +0200
Message-id: <[🔎] 155501324109.8908.18409104578699147681.reportbug@eldamar.local>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 926888@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

Please unblock package wget

It fixes CVE-2019-5953, #926389 a buffer overflow vulnerability in the
handling of Internationalized Resource Identifiers (IRI), it was
adressed as well in DSA-4425-1 for stretch.

Attached is the debdiff between 1.20.1-1 and 1.20.1-1.1.

unblock wget/1.20.1-1.1

Regards,
Salvatore

diff -Nru wget-1.20.1/debian/changelog wget-1.20.1/debian/changelog
--- wget-1.20.1/debian/changelog	2018-12-27 18:53:18.000000000 +0100
+++ wget-1.20.1/debian/changelog	2019-04-05 15:36:38.000000000 +0200
@@ -1,3 +1,10 @@
+wget (1.20.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * Fix a buffer overflow vulnerability (CVE-2019-5953) (Closes: #926389)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 05 Apr 2019 15:36:38 +0200
+
 wget (1.20.1-1) unstable; urgency=high
 
   * new upstream release 2018-12-26
diff -Nru wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch
--- wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch	1970-01-01 01:00:00.000000000 +0100
+++ wget-1.20.1/debian/patches/Fix-a-buffer-overflow-vulnerability.patch	2019-04-05 15:36:38.000000000 +0200
@@ -0,0 +1,30 @@
+From: Tim Ruehsen <tim.ruehsen@gmx.de>
+Date: Fri, 5 Apr 2019 11:50:44 +0200
+Subject: Fix a buffer overflow vulnerability
+Origin: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c,
+ https://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-5953
+Bug-Debian: https://bugs.debian.org/926389
+
+* src/iri.c(do_conversion): Reallocate the output buffer to a larger
+  size if it is already full
+---
+ src/iri.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/src/iri.c
++++ b/src/iri.c
+@@ -189,9 +189,10 @@ do_conversion (const char *tocode, const
+         {
+           tooshort++;
+           done = len;
+-          len = outlen = done + inlen * 2;
+-          s = xrealloc (s, outlen + 1);
+-          *out = s + done;
++          len = done + inlen * 2;
++          s = xrealloc (s, len + 1);
++          *out = s + done - outlen;
++          outlen += inlen * 2;
+         }
+       else /* Weird, we got an unspecified error */
+         {
diff -Nru wget-1.20.1/debian/patches/series wget-1.20.1/debian/patches/series
--- wget-1.20.1/debian/patches/series	2018-12-15 18:07:46.000000000 +0100
+++ wget-1.20.1/debian/patches/series	2019-04-05 15:36:38.000000000 +0200
@@ -1,3 +1,4 @@
 wget-doc-remove-usr-local-in-sample.wgetrc
 wget-doc-remove-usr-local-in-wget.texi
 wget-passive_ftp-default
+Fix-a-buffer-overflow-vulnerability.patch

Reply to:

Follow-Ups:
- Bug#926888: unblock: wget/1.20.1-1.1
  - From: Niels Thykier <niels@thykier.net>
- Processed: Re: Bug#926888: unblock: wget/1.20.1-1.1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#926888: marked as done (unblock: wget/1.20.1-1.1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: feersum/1.406-3
Next by Date: Bug#926889: unblock: graphviz/2.40.1-6
Previous by thread: Bug#926882: marked as done (unblock: pymilter/1.0.3-3)
Next by thread: Bug#926888: unblock: wget/1.20.1-1.1
Index(es):
- Date
- Thread